
Top cyber threats and how to protect yourself

From malware to phishing, get to know the most common types of cyber attack affecting businesses today, and how to spot and prevent these threats before they take hold.

Malware

Malware describes any type of software created with the intention of harming its target. The threats include viruses, trojan horses, bots, adware and ransomware. Malware can get into your system through infected hardware or phishing scams, staying hidden among your legitimate programs until it is activated. It costs private and corporate users alike: it can steal information, damage your system, hijack your machines or spy on you.

How can I defend my business against malware?

  • Develop and implement a response, recovery and back-up process for both your computer systems and your business operations.
  • Keep your PCs, servers and associated hardware up to date, and install the latest security software, such as firewalls, anti-virus, 'sandboxes' and anomaly detection, on all of your machines.
  • Use authorisation controls, avoid questionable websites and programs, put a strong password policy in place and monitor the use of 'plug-in' devices (e.g. USB sticks, external hard drives and mobile phones).

Phishing

Phishing emails look real and appear to come from legitimate senders, enticing you to click on malicious links or attachments so that the attacker can steal money or data. They can infect your computer with malware used to view private information, steal money, disrupt business operations or destroy data. 'Spear phishing' attacks are aimed at carefully selected groups whose recipients have been researched through social media or websites containing profiles. High-volume phishing targets as many recipients as possible, using important-looking documents as lures.

How can I defend my business against phishing?

  • Restrict, limit and manage your staff's access to systems and to confidential or financial information.
  • Use trusted websites, and never open attachments, click links or download software from unknown or questionable sources.
  • Put training and policies in place to ensure that staff have the knowledge to spot suspicious emails, conduct business online safely and protect their identities.

Business e-mail compromise

Business email compromise targets companies irrespective of their size, industry, or who they bank with and how. A fraudster impersonates a legitimate person and emails a company's payments team to convince them to make an urgent payment or change account details. The sender's email address may match or closely resemble a real one, and the message often instructs the recipient not to discuss the matter with anyone else. Business email compromise can be difficult to spot and can cause significant financial loss or damage to your reputation.

How can I defend my business against email compromise?

  • Make staff aware of, and alert to, the specific indicators of this type of fraud, such as requests for secrecy, pressure to act quickly and sudden changes to the payment arrangements of your service suppliers.
  • Use a two-step verification process that includes a non-email check (e.g. phone or SMS). Scrutinise any payment request carefully, and always verify it independently if you are unsure.
  • Always use known contact details to follow up on requests: avoid using telephone numbers included in emails, and do not simply reply to the message.
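The phishing and email compromise sections above describe warning signs (a sender address that closely resembles a real one, requests for secrecy, pressure to act quickly, a change to payment details) and the control that should follow: hold the payment until it has been verified through contact details already on file. The following is an added example, not code from the original article or from the bank that published it, showing how a payments team's mailbox could triage inbound payment emails against those signs. The supplier domains, the keyword lists and the sample emails are constructed for illustration.

```python
"""Heuristic triage of inbound payment emails for business email compromise (BEC)
indicators. Added example; the domains, phrases and emails below are constructed."""
import re
from dataclasses import dataclass, field

# Constructed allow-list of legitimate supplier domains (assumption for the example).
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.example", "northwind.example"}

# Phrases matching the warning signs: secrecy, urgency and account changes.
SECRECY = re.compile(r"\b(do not (discuss|mention|tell)|keep (this )?confidential|between us)\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|today|asap|right away|before (close|end) of business)\b", re.I)
ACCOUNT_CHANGE = re.compile(r"\b(new|updated|changed) (bank|account) details\b|\bsort code\b|\biban\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance from a known domain suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the domain part of a From: header such as 'Jane <jane@example>'."""
    m = re.search(r"@([\w.-]+)", from_header)
    return m.group(1).lower() if m else ""


def lookalike_of(domain: str):
    """Return the known supplier domain this one resembles (within two edits),
    or None if the domain is itself known or does not resemble any of them."""
    if domain in KNOWN_SUPPLIER_DOMAINS:
        return None
    for known in KNOWN_SUPPLIER_DOMAINS:
        if edit_distance(domain, known) <= 2:
            return known
    return None


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def assess(from_header: str, subject: str, body: str) -> Verdict:
    """Score one email: lookalike sender domain weighs 3, secrecy 2, account change 2, urgency 1."""
    v = Verdict()
    dom = sender_domain(from_header)
    target = lookalike_of(dom)
    if target:
        v.score += 3
        v.reasons.append(f"sender domain {dom!r} resembles known supplier {target!r}")
    text = f"{subject}\n{body}"
    for pattern, weight, label in ((SECRECY, 2, "request for secrecy"),
                                   (URGENCY, 1, "pressure to act quickly"),
                                   (ACCOUNT_CHANGE, 2, "change to payment details")):
        if pattern.search(text):
            v.score += weight
            v.reasons.append(label)
    return v


def requires_callback(v: Verdict) -> bool:
    """Policy: a score of 3 or more holds the payment until it is verified by phone,
    using contact details already on file rather than any given in the email."""
    return v.score >= 3


if __name__ == "__main__":
    # Constructed sample: a lookalike domain (digit 1 for letter l) plus the usual pressure tactics.
    suspect = assess("Jane Smith <jane@acme-supp1ies.example>",
                     "Urgent: updated bank details for invoice 4412",
                     "Please do not discuss this with anyone and pay today.")
    print(suspect.score, requires_callback(suspect), suspect.reasons)
```

The score thresholds and weights are arbitrary choices for the example; the point is that the lookalike-domain check and the language checks are independent signals, and that the action on a hit is an out-of-band verification step rather than a reply to the email.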

Text and phone scams

Phishing phone calls ('vishing') and scam texts ('smishing') are cheap and easy attacks to carry out. Both can result in theft or fraud by tricking you into installing malware or divulging personal information. Vishing calls alarm recipients into making payments or handing over important financial information. Smishing texts usually claim to come from a bank and request urgent action, convincing you to click on malicious links, download malware or enter personal information.

How can I defend my business against vishing and smishing?

  • Train staff never to share financial or company information with unverified callers or texters.
  • Raise awareness of vishing and smishing across your business and be vigilant for these signs:
      • The caller refers to the organisation by name on a supposedly internal call.
      • The call is needlessly directed through the UK, despite the caller wanting information on a country other than their own.
      • The caller instructs the recipient on using internal systems to provide information.
